added sha1 (secure hash function).

2 files changed, 360 insertions, 0 deletions

diff --git a/lib/libc/hash/Makefile.inc b/lib/libc/hash/Makefile.inc
new file mode 100644
index 00000000000..b6355d905af
--- /dev/null
+++ b/lib/libc/hash/Makefile.inc
@@ -0,0 +1,7 @@
+#	$OpenBSD: Makefile.inc,v 1.1 1996/09/29 16:15:04 millert Exp $
+
+# hash functions
+.PATH: ${.CURDIR}/hash
+
+SRCS+=	sha1.c
+#MAN+=	sha1.3
diff --git a/lib/libc/hash/sha1.c b/lib/libc/hash/sha1.c
new file mode 100644
index 00000000000..dd0bac42e3c
--- /dev/null
+++ b/lib/libc/hash/sha1.c
@@ -0,0 +1,353 @@
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: sha1.c,v 1.1 1996/09/29 16:15:05 millert Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+/*
+ * sha1.c
+ *
+ *	signature function hook for SHA1.
+ *
+ * Gene Kim
+ * Purdue University
+ * August 10, 1993
+ */
+
+/* --------------------------------- SHA1.C ------------------------------- */
+
+/* NIST proposed Secure Hash Standard.
+
+   Written 2 September 1992, Peter C. Gutmann.
+   This implementation placed in the public domain.
+
+   Comments to pgut1@cs.aukuni.ac.nz */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sha1.h>
+#ifdef TEST
+#include <time.h>
+#endif
+
+
+/* The SHA1 f()-functions */
+
+#define f1(x,y,z)   ( ( x & y ) | ( ~x & z ) )              /* Rounds  0-19 */
+#define f2(x,y,z)   ( x ^ y ^ z )                           /* Rounds 20-39 */
+#define f3(x,y,z)   ( ( x & y ) | ( x & z ) | ( y & z ) )   /* Rounds 40-59 */
+#define f4(x,y,z)   ( x ^ y ^ z )                           /* Rounds 60-79 */
+
+/* The SHA1 Mysterious Constants */
+
+#define K1  0x5A827999L     /* Rounds  0-19 */
+#define K2  0x6ED9EBA1L     /* Rounds 20-39 */
+#define K3  0x8F1BBCDCL     /* Rounds 40-59 */
+#define K4  0xCA62C1D6L     /* Rounds 60-79 */
+
+/* SHA1 initial values */
+
+#define h0init  0x67452301L
+#define h1init  0xEFCDAB89L
+#define h2init  0x98BADCFEL
+#define h3init  0x10325476L
+#define h4init  0xC3D2E1F0L
+
+/* 32-bit rotate - kludged with shifts */
+
+#define S(n,X)  ( ( X << n ) | ( X >> ( 32 - n ) ) )
+
+/* The initial expanding function */
+
+#ifdef NEW_SHA1
+#define expand(count)   temp = W[ count - 3 ] ^ W[ count - 8 ] ^ W[ count - 14 ] ^ W[ count - 16 ];W[ count ] = S(1, temp)
+#else
+#define expand(count)   W[ count ] = W[ count - 3 ] ^ W[ count - 8 ] ^ W[ count - 14 ] ^ W[ count - 16 ]
+#endif
+
+/* The four SHA1 sub-rounds */
+
+#define subRound1(count)    \
+    { \
+    temp = S( 5, A ) + f1( B, C, D ) + E + W[ count ] + K1; \
+    E = D; \
+    D = C; \
+    C = S( 30, B ); \
+    B = A; \
+    A = temp; \
+    }
+
+#define subRound2(count)    \
+    { \
+    temp = S( 5, A ) + f2( B, C, D ) + E + W[ count ] + K2; \
+    E = D; \
+    D = C; \
+    C = S( 30, B ); \
+    B = A; \
+    A = temp; \
+    }
+
+#define subRound3(count)    \
+    { \
+    temp = S( 5, A ) + f3( B, C, D ) + E + W[ count ] + K3; \
+    E = D; \
+    D = C; \
+    C = S( 30, B ); \
+    B = A; \
+    A = temp; \
+    }
+
+#define subRound4(count)    \
+    { \
+    temp = S( 5, A ) + f4( B, C, D ) + E + W[ count ] + K4; \
+    E = D; \
+    D = C; \
+    C = S( 30, B ); \
+    B = A; \
+    A = temp; \
+    }
+
+/* The two buffers of 5 32-bit words */
+
+LONG h0, h1, h2, h3, h4;
+LONG A, B, C, D, E;
+
+/* Initialize the SHA1 values */
+
+void sha1Init(sha1Info)
+    SHA1_INFO *sha1Info;
+    {
+    /* Set the h-vars to their initial values */
+    sha1Info->digest[ 0 ] = h0init;
+    sha1Info->digest[ 1 ] = h1init;
+    sha1Info->digest[ 2 ] = h2init;
+    sha1Info->digest[ 3 ] = h3init;
+    sha1Info->digest[ 4 ] = h4init;
+
+    /* Initialise bit count */
+    sha1Info->countLo = sha1Info->countHi = 0L;
+    }
+
+/* Perform the SHA1 transformation.  Note that this code, like MD5, seems to
+   break some optimizing compilers - it may be necessary to split it into
+   sections, eg based on the four subrounds */
+
+void sha1Transform(sha1Info)
+    SHA1_INFO *sha1Info;
+    {
+    LONG W[ 80 ], temp;
+    int i;
+
+    /* Step A.  Copy the data buffer into the local work buffer */
+    for( i = 0; i < 16; i++ )
+	W[ i ] = sha1Info->data[ i ];
+
+    /* Step B.  Expand the 16 words into 64 temporary data words */
+    expand( 16 ); expand( 17 ); expand( 18 ); expand( 19 ); expand( 20 );
+    expand( 21 ); expand( 22 ); expand( 23 ); expand( 24 ); expand( 25 );
+    expand( 26 ); expand( 27 ); expand( 28 ); expand( 29 ); expand( 30 );
+    expand( 31 ); expand( 32 ); expand( 33 ); expand( 34 ); expand( 35 );
+    expand( 36 ); expand( 37 ); expand( 38 ); expand( 39 ); expand( 40 );
+    expand( 41 ); expand( 42 ); expand( 43 ); expand( 44 ); expand( 45 );
+    expand( 46 ); expand( 47 ); expand( 48 ); expand( 49 ); expand( 50 );
+    expand( 51 ); expand( 52 ); expand( 53 ); expand( 54 ); expand( 55 );
+    expand( 56 ); expand( 57 ); expand( 58 ); expand( 59 ); expand( 60 );
+    expand( 61 ); expand( 62 ); expand( 63 ); expand( 64 ); expand( 65 );
+    expand( 66 ); expand( 67 ); expand( 68 ); expand( 69 ); expand( 70 );
+    expand( 71 ); expand( 72 ); expand( 73 ); expand( 74 ); expand( 75 );
+    expand( 76 ); expand( 77 ); expand( 78 ); expand( 79 );
+
+    /* Step C.  Set up first buffer */
+    A = sha1Info->digest[ 0 ];
+    B = sha1Info->digest[ 1 ];
+    C = sha1Info->digest[ 2 ];
+    D = sha1Info->digest[ 3 ];
+    E = sha1Info->digest[ 4 ];
+
+    /* Step D.  Serious mangling, divided into four sub-rounds */
+    subRound1( 0 ); subRound1( 1 ); subRound1( 2 ); subRound1( 3 );
+    subRound1( 4 ); subRound1( 5 ); subRound1( 6 ); subRound1( 7 );
+    subRound1( 8 ); subRound1( 9 ); subRound1( 10 ); subRound1( 11 );
+    subRound1( 12 ); subRound1( 13 ); subRound1( 14 ); subRound1( 15 );
+    subRound1( 16 ); subRound1( 17 ); subRound1( 18 ); subRound1( 19 );
+    subRound2( 20 ); subRound2( 21 ); subRound2( 22 ); subRound2( 23 );
+    subRound2( 24 ); subRound2( 25 ); subRound2( 26 ); subRound2( 27 );
+    subRound2( 28 ); subRound2( 29 ); subRound2( 30 ); subRound2( 31 );
+    subRound2( 32 ); subRound2( 33 ); subRound2( 34 ); subRound2( 35 );
+    subRound2( 36 ); subRound2( 37 ); subRound2( 38 ); subRound2( 39 );
+    subRound3( 40 ); subRound3( 41 ); subRound3( 42 ); subRound3( 43 );
+    subRound3( 44 ); subRound3( 45 ); subRound3( 46 ); subRound3( 47 );
+    subRound3( 48 ); subRound3( 49 ); subRound3( 50 ); subRound3( 51 );
+    subRound3( 52 ); subRound3( 53 ); subRound3( 54 ); subRound3( 55 );
+    subRound3( 56 ); subRound3( 57 ); subRound3( 58 ); subRound3( 59 );
+    subRound4( 60 ); subRound4( 61 ); subRound4( 62 ); subRound4( 63 );
+    subRound4( 64 ); subRound4( 65 ); subRound4( 66 ); subRound4( 67 );
+    subRound4( 68 ); subRound4( 69 ); subRound4( 70 ); subRound4( 71 );
+    subRound4( 72 ); subRound4( 73 ); subRound4( 74 ); subRound4( 75 );
+    subRound4( 76 ); subRound4( 77 ); subRound4( 78 ); subRound4( 79 );
+
+    /* Step E.  Build message digest */
+    sha1Info->digest[ 0 ] += A;
+    sha1Info->digest[ 1 ] += B;
+    sha1Info->digest[ 2 ] += C;
+    sha1Info->digest[ 3 ] += D;
+    sha1Info->digest[ 4 ] += E;
+    }
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+
+/* When run on a little-endian CPU we need to perform byte reversal on an
+   array of longwords.  It is possible to make the code endianness-
+   independant by fiddling around with data at the byte level, but this
+   makes for very slow code, so we rely on the user to sort out endianness
+   at compile time */
+
+static void byteReverse(buffer, byteCount)
+    LONG *buffer;
+    int byteCount;
+    {
+    LONG value;
+    int count;
+
+    byteCount /= sizeof( LONG );
+    for( count = 0; count < byteCount; count++ )
+	{
+	value = ( buffer[ count ] << 16 ) | ( buffer[ count ] >> 16 );
+	buffer[ count ] = ( ( value & 0xFF00FF00L ) >> 8 ) | ( ( value & 0x00FF00FFL ) << 8 );
+	}
+    }
+#endif /* LITTLE_ENDIAN */
+
+/* Update SHA1 for a block of data.  This code assumes that the buffer size
+   is a multiple of SHA1_BLOCKSIZE bytes long, which makes the code a lot
+   more efficient since it does away with the need to handle partial blocks
+   between calls to sha1Update() */
+
+void sha1Update(sha1Info, buffer, count)
+    SHA1_INFO *sha1Info;
+    BYTE *buffer; 
+    int count;
+    {
+    /* Update bitcount */
+    if( ( sha1Info->countLo + ( ( LONG ) count << 3 ) ) < sha1Info->countLo )
+	sha1Info->countHi++; /* Carry from low to high bitCount */
+    sha1Info->countLo += ( ( LONG ) count << 3 );
+    sha1Info->countHi += ( ( LONG ) count >> 29 );
+
+    /* Process data in SHA1_BLOCKSIZE chunks */
+    while( count >= SHA1_BLOCKSIZE )
+	{
+	memcpy( (void *) sha1Info->data, (void *) buffer, SHA1_BLOCKSIZE );
+#if BYTE_ORDER == LITTLE_ENDIAN
+	byteReverse( sha1Info->data, SHA1_BLOCKSIZE );
+#endif /* LITTLE_ENDIAN */
+	sha1Transform( sha1Info );
+	buffer += SHA1_BLOCKSIZE;
+	count -= SHA1_BLOCKSIZE;
+	}
+
+    /* Handle any remaining bytes of data.  This should only happen once
+       on the final lot of data */
+    memcpy( (void *) sha1Info->data, (void *) buffer, count );
+    }
+
+void sha1Final(sha1Info)
+    SHA1_INFO *sha1Info;
+    {
+    int count;
+    LONG lowBitcount = sha1Info->countLo, highBitcount = sha1Info->countHi;
+
+    /* Compute number of bytes mod 64 */
+    count = ( int ) ( ( sha1Info->countLo >> 3 ) & 0x3F );
+
+    /* Set the first char of padding to 0x80.  This is safe since there is
+       always at least one byte free */
+    ( ( BYTE * ) sha1Info->data )[ count++ ] = 0x80;
+
+    /* Pad out to 56 mod 64 */
+    if( count > 56 )
+	{
+	/* Two lots of padding:  Pad the first block to 64 bytes */
+	memset( ( void * ) sha1Info->data + count, 0, 64 - count );
+#if BYTE_ORDER == LITTLE_ENDIAN
+	byteReverse( sha1Info->data, SHA1_BLOCKSIZE );
+#endif /* LITTLE_ENDIAN */
+	sha1Transform( sha1Info );
+
+	/* Now fill the next block with 56 bytes */
+	memset( (void *) sha1Info->data, 0, 56 );
+	}
+    else
+	/* Pad block to 56 bytes */
+	memset( ( void * ) sha1Info->data + count, 0, 56 - count );
+#if BYTE_ORDER == LITTLE_ENDIAN
+    byteReverse( sha1Info->data, SHA1_BLOCKSIZE );
+#endif /* LITTLE_ENDIAN */
+
+    /* Append length in bits and transform */
+    sha1Info->data[ 14 ] = highBitcount;
+    sha1Info->data[ 15 ] = lowBitcount;
+
+    sha1Transform( sha1Info );
+#if BYTE_ORDER == LITTLE_ENDIAN
+    byteReverse( sha1Info->data, SHA1_DIGESTSIZE );
+#endif /* LITTLE_ENDIAN */
+    }
+
+#ifdef TEST
+
+/* ----------------------------- SHA1 Test code --------------------------- */
+
+/* Size of buffer for SHA1 speed test data */
+
+#define TEST_BLOCK_SIZE     ( SHA1_DIGESTSIZE * 100 )
+
+/* Number of bytes of test data to process */
+
+#define TEST_BYTES          10000000L
+#define TEST_BLOCKS         ( TEST_BYTES / TEST_BLOCK_SIZE )
+
+void main()
+    {
+    SHA1_INFO sha1Info;
+    time_t endTime, startTime;
+    BYTE data[ TEST_BLOCK_SIZE ];
+    long i;
+
+    /* Test output data (this is the only test data given in the SHA1
+       document, but chances are if it works for this it'll work for
+       anything) */
+    sha1Init( &sha1Info );
+    sha1Update( &sha1Info, ( BYTE * ) "abc", 3 );
+    sha1Final( &sha1Info );
+    if( sha1Info.digest[ 0 ] != 0x0164B8A9L ||
+	sha1Info.digest[ 1 ] != 0x14CD2A5EL ||
+	sha1Info.digest[ 2 ] != 0x74C4F7FFL ||
+	sha1Info.digest[ 3 ] != 0x082C4D97L ||
+	sha1Info.digest[ 4 ] != 0xF1EDF880L )
+	{
+	puts( "Error in SHA1 implementation" );
+	exit( -1 );
+	}
+
+    /* Now perform time trial, generating MD for 10MB of data.  First,
+       initialize the test data */
+    memset( data, 0, TEST_BLOCK_SIZE );
+
+    /* Get start time */
+    printf( "SHA1 time trial.  Processing %ld characters...\n", TEST_BYTES );
+    time( &startTime );
+
+    /* Calculate SHA1 message digest in TEST_BLOCK_SIZE byte blocks */
+    sha1Init( &sha1Info );
+    for( i = TEST_BLOCKS; i > 0; i-- )
+	sha1Update( &sha1Info, data, TEST_BLOCK_SIZE );
+    sha1Final( &sha1Info );
+
+    /* Get finish time and time difference */
+    time( &endTime );
+    printf( "Seconds to process test input: %ld\n", endTime - startTime );
+    printf( "Characters processed per second: %ld\n", TEST_BYTES / ( endTime - startTime ) );
+    }
+
+#endif